With the latest 12.1 for macOS and 12.2 for iOS updates in the Safari Browser, there is increased privacy and protection for users when they browse the internet through Safari. This update of the Intelligent Tracking Prevention makes sure that the client side cookie storage is capped to seven days only. Post the seven-day mark, the cookies get expired and thereby deleted.
“With this update, we further reduce trackers’ ability to establish user identities across sites,” says John Wilander, an Apple Webkit Engineer.
This update of the Safari Browser comes with new features that enhance privacy and tracking prevention mechanisms. The developers at Apple are referring to this update as ITP 2.1. The previous version of ITP allowed domains to store partitioned cookies if they were classified with tracking capabilities.
However, with this latest update, that feature is removed and sites that have cross-site tracking capability have to use the Storage Access API for cookie access. Therefore, the partitioned cookies are no longer allowed to be stored in the browser.
According to Apple’s WebKit, here are the reasons for the changes in cookie storage:
1. It simplifies the development process and helps developers in writing code that can battle issues like overwriting of cookies with blank values during logging and logging out of websites.
2. To lower the memory footprint. By removing the partitioned cookies, the storage session’s memory is not overloaded with cookies.
3. By removing these partitioned cookies, ITP can be made to work on greater platforms thereby enhancing the flexibility of it.
“Only cookies created through document.cookie are affected by this change.”
This change will not log users out of their accounts. The cookies responsible for maintaining the login session are Secure and HttpOnly; they are not stored in document.cookie. The session cookies are also not affected and they remain to be session cookies only.
Apple removed support for the Do Not Track (DNT) Signal. As they believe that privacy is a fundamental human right and tracking users across the web without consent is not a fair practice, the ITP was enabled by default for all Safari users. We recently reported about how the Do-Not-Track signal is was pretty much worthless as it was ignored by many developers and didn’t respect the user’s wishes.